2

I created a self-signed certificate for test purposes. I used this post: "SSLStream example - how do I get certificates that work?" I use code like this on the client:

AuthenticateAsClient("testName", null, SslProtocols.Default, false);

and on server:

BeginAuthenticateAsServer(certificate, false, SslProtocols.Default, false, EndAuthenticate, obj);

If I run it on the same machine where the certificate is, it's OK. But when I move the client to another machine I get RemoteCertificateChainErrors.

Does anybody know whether I should use some "real" certificate, or should I add some options to my current one?

PS: Cer has All application policies, All issuance policies; Pfx has All application policies.

user1711993
  • 271
  • 4
  • 20

1 Answer

3

It should work from another machine too. Things to check:

  1. Did you import RootCATest.cer into the Computer store's Trusted Root Certification Authorities on the new client machine?
  2. Is the server name (the first parameter of AuthenticateAsClient(), "testName" in your example) equal to the CN in the subject of the server certificate?

UPDATE: It should work from another machine too, but you have to import your self-signed root CA cert into its Trusted Root Certification Authorities store. Your custom CA certificate is not trusted by default on the client. If you order a certificate from a trusted CA, you do not have to import anything on the client because their CAs are already there. Trusted CAs do some checks (whether you are an owner of the domain, etc.) before they issue the SSL certificate to you.

Juraj Majer
  • 567
  • 5
  • 10
  • Hello! Step 2 is OK, but I have some questions about step 1. I imported the cer and pfx to the trusted root, that's why it's working on one machine. But the other machine doesn't have anything! I thought it should work without anything on the client computer! In the real world we have just one certificate, on the server part. – user1711993 Mar 11 '15 at 12:39
  • The main goal: I want to simulate working between client and server without a client certificate. – user1711993 Mar 11 '15 at 12:40
  • 1
    Yes, the certificate is only on the server side (no client certificate). But the client validates the server certificate in the SSL handshake, and this certificate must be issued by a trusted root CA certificate. Windows on the client machine has many CA certificates in its trust store out-of-the-box, but your RootCATest.cer isn't there. So you have to import it there for it to work. If you order an SSL certificate from GoDaddy, GlobalSign etc. you do not have to import anything on the client. – Juraj Majer Mar 11 '15 at 13:17
  • Did I understand correctly? If I change to a normal certificate it will work. If I use a self-signed certificate and want to place it on another machine, it gives me RemoteCertificateChainErrors? Please can you put your comment in the answer, I will accept it! – user1711993 Mar 11 '15 at 14:10
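To see which of the two checks from the answer is failing on the second machine, the client can log the detail behind RemoteCertificateChainErrors. This is an added example, not code from the question or the answer; the class name TlsClientCheck, the Report callback and the command-line arguments are assumptions, and it uses SslProtocols.Tls12 instead of the question's SslProtocols.Default.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsClientCheck // hypothetical name, not from the page
{
    // Reports why validation failed. It only returns true when the platform
    // found no errors, so it never weakens the default validation.
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;

        // Check 2 from the answer: targetHost must match the certificate name.
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            Console.WriteLine("Name mismatch, certificate subject is: " + cert?.Subject);

        // Check 1 from the answer: a root CA missing from the client's
        // trust store is reported as X509ChainStatusFlags.UntrustedRoot.
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("Chain error: " + s.Status + " - " + s.StatusInformation.Trim());

        return false;
    }

    // Assumed usage: TlsClientCheck.exe <server address> <port> <targetHost>
    static void Main(string[] args)
    {
        string address = args[0], targetHost = args[2];
        int port = int.Parse(args[1]);

        using (var tcp = new TcpClient(address, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, Report))
        {
            try
            {
                ssl.AuthenticateAsClient(targetHost, null, SslProtocols.Tls12, false);
                Console.WriteLine("Handshake OK");
            }
            catch (AuthenticationException e)
            {
                Console.WriteLine("Handshake failed: " + e.Message);
            }
        }
    }
}
```

Run it on the second machine with "testName" as the third argument; an UntrustedRoot line means the test root CA is not in that machine's Trusted Root Certification Authorities store.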